Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 18 Jan 2017 00:54:21 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: jasper: multiple crashes with UBSAN

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> The previous mail clearly state:
>> Timeline:
>> 2016-10-28: bug discovered and reported to upstream

> Why CVE-2017-* ?

The year portion of a CVE ID does not necessarily correspond to a
vulnerability discovery date. To obtain a CVE-2016-* ID, at least one
of the following must be true:

  - the original CVE ID request occurred during 2016

or

  - the original CVE ID request mentioned a specific vulnerability
    reference URL that was a publicly accessible URL before the end of
    2016 (although a Reproducer URL is very useful, we do not consider
    it a vulnerability reference URL)

These criteria were not met, and therefore a CVE-2017-* ID was
assigned, and remains the correct ID.

For the other CVE-2017-* numbers associated with similar timelines,
the CVE-2017-* number remains valid. We do not change them to
CVE-2016-* numbers.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYfwJ+AAoJEHb/MwWLVhi2SroQAKl5y+adO9sOb86mXQIznunB
lxZusAsBZ4UzKDw8hzzF+pxPcJoQujEa1Dbr+0TJhJ+LMHvIF9fdqFVTfUk3HizH
yIRWiQtKDLkt3971DzpSPIZOg4af2BhPLwUMW7hToGB94tUKvtdSHEquaRSMZFLF
WDs+hAuLgeF5SzhjC49MDNbUt9Xbn+m79rTBayxvCD3p1CpePJ5cuvPscdLmhvuS
qXNzYdtjRIVf9puO2kEcr+5vt8gSKggWmgUt6hSWsVMCj16wrliGfaUYwvhFqybN
qnNW83aC28xIUpHSrpFQ1LEc5vosOmQJ9Q5uvHfWplbw5BZR0YwZaN7gKyVmS7NB
cpTFGktRwwl0bHEMY+q13Z2Mc/vc67GGw4sBy/A2gGvvn505pWyaCgKK90Wu+93u
ztPYKHguUR/47C6XwMCmJXCLXvZU5zTil7nemw/DZqQ5/fy2v44gef0Fad23lCL0
JU9qw2CJ/1Xh6H6zSlVbeGcoFAanrq4ePOs9yINWl8GpCMJCBgX+WGU7mKbp3L7d
8kWO90F/JkSLDrb52EyTkyqI8npeKSMRybG2tpcyyKzgkAJK9WvcHNvtrVIAro0f
89oxDrNmPv9PIth0Gvr0pyTRlaWN6V40x+GGeIu17gTCoSb0zpJIueydhnJuIhaE
V8c9BHJtVjtdd1LHa9vM
=pEew
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ